MidnightBSD

Advisories for unclassified_newsboard

CVE-2005-2855 MEDIUM

Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
unclassified_newsboard unclassified_newsboard 1.5.3
CVE-2006-2405 MEDIUM

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
unclassified_newsboard unclassified_newsboard 1.5.3a
unclassified_newsboard unclassified_newsboard 1.5.3_patch3
unclassified_newsboard unclassified_newsboard 1.5.3
unclassified_newsboard unclassified_newsboard *
unclassified_newsboard unclassified_newsboard 1.6.1
CVE-2006-2406 LOW

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
unclassified_newsboard unclassified_newsboard *